Secure unattended network authentication

ABSTRACT

A system for secure network access by unattended devices is described. The system describes how unattended devices that have encrypted data at rest and/or require secure authentication to an open network may procure the access credentials for authentication and/or decryption. With these access credentials, the unattended devices may then exchange information with and/or receive updates from servers on the network.

FIELD OF THE INVENTION

The present invention relates to secure network access by unattended client devices.

BACKGROUND

Technological advances have made possible an ever-increasing number of different hardware electronic devices designed for all kinds of tasks. Almost all of these client devices involve some firmware, operating system software, and/or applications and/or program codes that require occasional updates or configuration changes. Some client devices may involve data collection and data processing that requires an exchange of information with servers on a network.

Depending upon the nature of the tasks involved, strong security may be required for some client devices. Such strong security may include encryption for the data on the client devices (data at rest) and/or for the data exchanged by the client devices (data in communication). The credentials for strong security on the client devices typically require external information involving users of the client devices, such as passwords, PINs, smartcards, or biometrics. When client devices are unattended, the credentials are not available, which prevents the client devices from receiving updates and/or exchanging information with servers on the network. This is especially true in cases where the credentials for network access are frequently changing, such as in high security environments.

Current solutions to this problem are either labor intensive or compromise security. For example, when smartcards are required for authentication, such as in Department of Defense (DoD) or other comparable government applications, client devices must be operated by users in order to conduct the routine updates and/or exchange of information. This user involvement is costly and labor intensive. Solutions where the credentials are stored on the client devices are less labor intensive but defeat the purpose of the strong security, unless some kind of tamper detection or tamper resistance is employed.

Accordingly, there is a need for a system where unattended client devices can securely procure the credentials for secure network access.

SUMMARY

Accordingly, one embodiment of the present invention discloses a system where an unattended first device sends a request for access credentials to a second device; the second device then sends a request for access credentials to a third device, exchanges pairing credentials with the third device, and if authenticated, receives access credentials from the third device, and sends the access credentials to the first device; the first device then sends the access credentials to a fourth device, and if validated, exchanges information with the fourth device.

Another exemplary embodiment of the present invention discloses a system where an unattended first device sends a request for access credentials to a second device; the second device sends the access credentials to the first device; the first device then sends the access credentials to a third device, and if validated, exchanges information with the third device.

The foregoing illustrative summary, as well as other exemplary objectives and/or advantages of the invention, and the manner in which the same are accomplished, are further explained within the following detailed description and its accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A and FIG. 1B are block diagrams of the hardware elements of the system in accordance with embodiments of the disclosed subject matter.

FIG. 2A and FIG. 2B are schematics outlining the initial provisioning of pairing credentials in accordance with embodiments of the disclosed subject matter.

FIG. 3A and FIG. 3B are schematics detailing the procurement of access credentials by an unattended client device in accordance with embodiments of the disclosed subject matter.

FIG. 4A and FIG. 4B are block diagrams of the hardware elements of the system according to embodiments of the present invention.

FIG. 5A and FIG. 5B are schematics outlining the procurement of access credentials by an unattended client device according to embodiments of the present invention.

DETAILED DESCRIPTION

The present invention embraces the concept of unattended devices procuring access credentials for network access and/or data encryption so that updates may be received from servers and/or information exchanged with servers in a manner that does not compromise security or increase labor overhead.

In the present disclosure, “unattended” refers to the fact that the client device is not operated by a user who has authenticated to the device (by password, PIN, smartcard, biometric, etc.) at the time that the client device procures the access credentials necessary to allow the device to exchange information with and/or receive updates from servers on a network. Unattended client devices may procure access credentials by timed or triggered means that are well understood in the art, i.e. client devices may procure the access credentials according to a regular time schedule or in response to some triggering event, such as a notification of new data to exchange or the availability of a new update.

Also, in the present disclosure, “pairing credentials” refer to those credentials which authenticate the client device to a token server, and “access credentials” refer to those credentials which authenticate the client device to a server and/or decrypt an encrypted file system on the client device. The “access credential” includes, but is not limited to, a one-time password, a symmetric key, a public key along with its private key, for instance using the public key cryptography standards (PKCS) certificate formats, or the like.

Further, in the present disclosure, “authentication credentials” refer to those credentials which authenticate the client device and the secure credential device.

In the specification and/or figures, typical embodiments of the invention have been disclosed. The present invention is not limited to such exemplary embodiments. The use of the term “and/or” includes any and all combinations of one or more of the associated listed items. The figures are schematic representations and so are not necessarily drawn to scale. Unless otherwise noted, specific terms have been used in a generic and descriptive sense and not for purposes of limitation.

FIG. 1A illustrates an exemplary system 100 for one embodiment of the present invention. In general, the system 100 includes a client device (CD) 110, a secure credential device (SCD) 150, a token server (TS) 130, and a server (S) 140. The client device 110, secure credential device 150, token server 130, and server 140 may be implemented in any form of digital computer or mobile device. Digital computers may include, but are not limited to, laptops, desktops, workstations, fixed vehicle computers, vehicle mount computers, hazardous environment computers, rugged mobile computers, servers, blade servers, mainframes, and other appropriate computers. Mobile devices may include, but are not limited to, cellular telephones, smart phones, personal digital assistants, tablets, pagers, two-way radios, netbooks, barcode scanners, radio frequency identification (RFID) readers, intelligent sensors, tracking devices, and other similar computing devices.

In some embodiments of the present invention, the client device 110, secure credential device 150, token server 130, and server 140 are connected via a network 170. The network 170 may be any type of wide area network (WAN), such as the Internet, Local Area Network (LAN), or the like, or any combination thereof, and may include wired components, such as Ethernet, wireless components, such as LTE, Wi-Fi, Bluetooth, or near field communication (NFC), or both wired and wireless components, collectively represented by the data links 172, 174, 176, and 178.

Note that while token server 130 and server 140 are illustrated in FIG. 1A, FIG. 1B, FIG. 4A, and FIG. 4B as individual single servers, each may alternatively be distributed across multiple servers having the respective functionality of the token server 130 and server 140. And still in other embodiments, the token server 130 and server 140 may also be combined into one single server or distributed across multiple servers having the overall combined functionality of token server 130 and server 140.

In general, the server 140 includes at least one processor 142 and associated memory 144 and a communication interface 148, such as wired Ethernet or wireless such as Wi-Fi, Bluetooth or NFC. The server 140 may also include additional components such as a storage component 146. The components of server 140 may be interconnected using one or more buses 141 and may be mounted on a motherboard (not shown) or some other appropriate configuration.

Similarly, in general, the token server 130 includes at least one processor 132 and associated memory 134 and a communication interface 138, such as wired Ethernet or wireless such as Wi-Fi, Bluetooth or NFC. The token server 130 may also include additional components such as a storage component 136. The components of token server 130 may be interconnected using one or more buses 131 and may be mounted on a motherboard (not shown) or some other appropriate configuration.

Further, in general, the secure credential device 150 includes at least one processor 152 and associated memory 154 and a communication interface 158, such as wired Ethernet or wireless such as Wi-Fi, Bluetooth or NFC. The secure credential device 150 may also include additional components such as a secure storage element 160 and slots/ports 156. The components of the secure credential device 150 may be interconnected using one or more buses 151 and may be mounted on a motherboard (not shown) or some other appropriate configuration. The secure credential device 150 has a wired communication channel 164 connecting it to the client device 110. The wired communication channel 164 may be USB, I²C, or other computer bus. In one embodiment, the wired communication channel 164 between the secure credential device 150 and the client device 110 can be protected by authentication; in this embodiment, the client device 110 stores the authentication credentials in the secure storage element 160 during an initial provisioning process that occurs while the client device 110 is still authenticated with a user. The secure credential device is also fixed in location 162, meaning that it is non-moveable.

The secure credential device 150 is built for tamper detection, tamper resistance, or both. In some embodiments, just specific components of the secure credential device 150 may be built for tamper detection, tamper resistance, or both, such as the secure storage element 160. Tamper detection methods include, but are not limited to, detection of ultraviolet fluorescent chemicals, detection of varying temperature, detection of varying clocking information, detection of varying voltage, and detection of varying electrical signals. Tamper resistance methods include, but are not limited to, the use of a potted material which would destroy one or more components of the secure credential device 150, such as the secure storage element 160, upon removal. Other tamper detection and tamper resistant methods are understood in the art and may be employed herein. In some embodiments, the secure credential device would report the detected tampering and might cause temporary or permanent disablement of the secure credential device. In yet other embodiments, where the secure storage element 160 of the secure credential device 150 implements tamper control that is acceptable and the communication interface 158 is wireless, the secure credential device 150 may further be designed to meet FIPS-140-2 by layering a protocol on top of the base wireless that uses validated encryption algorithms such as Advanced Encryption Standard (AES). In these embodiments, additional wireless encryption pairing credentials would be required between the secure credential device 150 and token server 130 to derive a link key for the validated encryption algorithm.

In one embodiment, the secure credential device 150 would be a dock for the client device 110. The dock would have the ability to cache access credentials and would include one or more mechanisms for providing user level authentication, including but not limited to: a common access card (CAC) reader, a touchscreen, a keypad, and a display for password entry. The dock further provides the recharging of the battery and ensures the essential constant power supply to the client device 110 during critical software and firmware updates.

In general, the client device 110 includes a processor 112 and associated memory 116 as well as a communication interface 122, such as wired Ethernet or wireless such as Wi-Fi, Bluetooth, or NFC. The client device 110 may include additional components such as a storage component 118 such as a hard drive or solid state drive, a location determination component 134 such as a Global Positioning System (GPS) chip, audio input component 124 such as a microphone, audio output component 128 such as a speaker, visual input component 126 such as a camera or barcode reader, visual output component 130 such as a display, and a user input component 120 such as a touchscreen, navigation shuttle, soft keys, or the like, and slots/ports 132 which may be used for smart card readers or for wired connections 164 with the secure credential device 150 over USB, I2C, or computer bus. The components of client device 110 may be interconnected using one or more buses 114 and may be mounted on a motherboard (not shown) or some other appropriate configuration.

FIG. 1B illustrates another embodiment of the present invention. The embodiment in FIG. 1B is similar to FIG. 1A with the exception that in FIG. 1B, the secure credential device 150 is internal to the client device 110. While FIG. 1B illustrates separate components for the client device 110 and secure credential device 150, in an alternative embodiment, the comparable components from the client device 110 and secure credential device 150 could be the same, i.e. processor 112 and 152, memory 116 and 154, communication interface 122 and 158, and communication link 172 and 178, and there may not be a need for slots/ports 132 and 156, since bus 114 and 151 may be the same. In some embodiments, the storage 118 and secure storage element 160 could also be the same, provided that the combination of the secure credential device 150 and client device 110 still allow for tamper detection, tamper resistance, or both.

FIG. 2A illustrates one embodiment of the present invention where the token server pairing credentials are initially provisioned on the secure credential device 150 using out of band means. In Step 2A-1, the pairing credentials are provisioned on the secure credential device 150 by a user who manually enters the credentials, copies them from a thumb drive or flash drive, or transfers them using NFC. In Step 2A-2, the secure credential device 150 then securely stores the pairing credentials in the secure storage element 160 for use in future sessions.

FIG. 2B illustrates an alternative embodiment of the present invention where the token server pairing credentials are initially provisioned on the secure credential device by pairing with the token server 130. In step 2B-1, the secure credential device 150 sends a pairing request with initial credentials to the token server 130. In step 2B-2, the token server 130 accepts the pairing request, and in step 2B-3, the token server and secure credential device exchange pairing credentials (i.e. the pairing key). In step 2B-4, the secure credential device then stores the pairing credentials for use in future sessions.

FIG. 3A illustrates the communication flow between the elements of system 100 of FIGS. 1A and 1B where the client device 110 procures access credentials from the token server 130 through the secure credential device 150 for accessing server 140. In step 3A-1, the client device 110 sends a request for the access credentials to the secure credential device 150. In step 3A-2, the secure credential device 150 sends a request for the access credentials to the token server 130. The secure credential device 150 and token server 130 exchange pairing credentials to authenticate (Step 3A-3), and if authenticated (Step 3A-4), the token server 130 sends the access credentials to the secure credential device 150. In step 3A-5, the secure credential device 150 then stores the access credentials for use in a future session. In other embodiments, the secure credential device 150 does not store the access credentials but obtains them from the token server 130 each time the client device 110 needs to access the server 140, such as might be required in highly secure environments when the access credentials may be changing with greater frequency. In step 3A-6, the secure credential device 150 then sends the access credentials to the client device 110, which then sends them to the server 140 (Step 3A-7). If the server validates the access credentials (Step 3A-8), then the client device 110 and server 140 exchange information (Step 3A-9). The information exchanged includes, but is not limited to, firmware updates, operating system updates, application and/or program code updates, configuration setting changes, and customer data exchange.
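The FIG. 3A flow as an added sketch, not code from the patent. It follows the embodiment in which access credentials are fetched fresh on every request, and it assumes details the disclosure leaves open: the pairing credential is a shared symmetric key proven by an HMAC challenge-response, the access credential is a short-lived single-use token authenticated with a key the token server shares with server 140, and all class, function and identifier names (`TokenServer`, `SecureCredentialDevice`, `Server`, `run_unattended_session`, `build_demo`, `SCD-150`, `CD-110`) are hypothetical.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, msg: bytes) -> str:
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare


class TokenServer:
    """Token server 130: authenticates the SCD, then issues access credentials."""
    def __init__(self, issuer_key: bytes, ttl: int = 60):
        self._issuer_key = issuer_key  # assumption: also known to server 140
        self._ttl = ttl                # assumption: credential lifetime, seconds
        self._pairing = {}             # scd_id -> pairing key (FIG. 2A / 2B)
        self._pending = {}             # scd_id -> outstanding challenge nonce

    def provision(self, scd_id: str, pairing_key: bytes) -> None:
        self._pairing[scd_id] = pairing_key

    def challenge(self, scd_id: str) -> bytes:
        # Step 3A-3: a fresh nonce makes a recorded response useless later.
        nonce = secrets.token_bytes(16)
        self._pending[scd_id] = nonce
        return nonce

    def issue(self, scd_id: str, client_id: str, response: str, now: int):
        # Steps 3A-3 / 3A-4: check proof of the pairing key, then issue.
        nonce = self._pending.pop(scd_id, None)  # a challenge is single use
        key = self._pairing.get(scd_id)
        if nonce is None or key is None:
            return None
        if not _same(_mac(key, nonce + client_id.encode()), response):
            return None
        body = f"{client_id}|{now + self._ttl}|{secrets.token_hex(8)}"
        return f"{body}|{_mac(self._issuer_key, body.encode())}"


class SecureCredentialDevice:
    """SCD 150: holds the pairing key; the client device never sees it."""
    def __init__(self, scd_id: str, pairing_key: bytes, token_server: TokenServer):
        self.scd_id = scd_id
        self._pairing_key = pairing_key  # stands in for secure storage element 160
        self._ts = token_server
        self.disabled = False

    def tamper_detected(self) -> None:
        # Disablement on tamper is from the description; wiping the key as
        # well is an assumption of this sketch.
        self.disabled = True
        self._pairing_key = None

    def get_access_credentials(self, client_id: str, now: int):
        # Steps 3A-1 to 3A-6 as seen from the SCD (no caching, so no 3A-5).
        if self.disabled:
            return None
        nonce = self._ts.challenge(self.scd_id)
        response = _mac(self._pairing_key, nonce + client_id.encode())
        return self._ts.issue(self.scd_id, client_id, response, now)


class Server:
    """Server 140: validates access credentials before exchanging information."""
    def __init__(self, issuer_key: bytes):
        self._issuer_key = issuer_key
        self._seen = set()  # token bodies already accepted once

    def validate(self, token: str, now: int) -> bool:
        # Step 3A-8: authenticity first, then freshness, then single use.
        body, _, tag = token.rpartition("|")
        if not _same(_mac(self._issuer_key, body.encode()), tag):
            return False
        try:
            expiry = int(body.split("|")[1])
        except (ValueError, IndexError):
            return False
        if now > expiry or body in self._seen:
            return False
        self._seen.add(body)
        return True


def run_unattended_session(scd, server, client_id="CD-110", now=1_000) -> bool:
    """Client device 110: steps 3A-1 and 3A-7; True means step 3A-9 may proceed."""
    token = scd.get_access_credentials(client_id, now)
    return token is not None and server.validate(token, now)


def build_demo():
    # Constructed keys and identifiers, for illustration only.
    issuer_key, pairing_key = secrets.token_bytes(32), secrets.token_bytes(32)
    ts = TokenServer(issuer_key)
    ts.provision("SCD-150", pairing_key)
    return ts, SecureCredentialDevice("SCD-150", pairing_key, ts), Server(issuer_key)
```

In this sketch the client device only ever holds the short-lived access credential, so a stolen client yields at most one unexpired token, while the long-lived pairing key stays inside the tamper-protected device.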

FIG. 3B illustrates another embodiment of the present invention. The embodiment in FIG. 3B is similar to FIG. 3A with the exception that in FIG. 3B, there is the added step 3B-9 where the access credentials are used to unlock the local encrypted file system on the client device 110 so that information may be exchanged with server 140.

FIG. 4A illustrates yet another embodiment of the present invention. In this embodiment, the secure credential device 150 is external to the client device 110 but does not contain a communication interface for communicating with the token server 130 as in FIG. 1A. Because the secure credential device cannot communicate with the token server 130, it must be initially provisioned with the access credentials, such as at the time of manufacture where the access credentials would be included in the operating system image installed on the secure credential device.

FIG. 4B illustrates another embodiment of the present invention. In this embodiment, the secure credential device 150 is internal to the client device 110. While FIG. 4B illustrates separate components for the client device 110 and secure credential device 150, in an alternative embodiment, the comparable components could be the same, i.e. processor 112 and 152, and memory 116 and 154, and there may not be a need for slots/ports 132 and 156, since bus 114 and 151 may be the same. In some embodiments, the storage 118 and secure storage element 160 could also be the same, provided that the combination of the secure credential device 150 and client device 110 still allow for tamper detection, tamper resistance, or both.

FIG. 5A illustrates the communication flow between the elements of system 100 of FIGS. 4A and 4B where the client device 110 procures access credentials from the secure credential device 150 for accessing server 140. In step 5A-1, the client device 110 sends a request for access credentials to the secure credential device 150. Because the secure credential device 150 has already been provisioned with the access credentials at time of manufacture (Step 5A-2), then the secure credential device 150 can just send the access credentials to the client device 110 (Step 5A-3) which then sends them to the server 140 (Step 5A-4). If the access credentials are validated (Step 5A-5), then the client device 110 and server 140 exchange information (Step 5A-6). As before, the information exchanged includes, but is not limited to, firmware updates, operating system updates, application and/or program code updates, configuration setting changes, and customer data exchange. In some embodiments, the secure credential device 150 could be equivalent to a smartcard that could be used to perform the symmetric or private key encryption.

FIG. 5B illustrates another embodiment of the present invention. The embodiment in FIG. 5B is similar to FIG. 5A with the exception that in FIG. 5B, there is the added step 5B-6 where the access credentials are used to unlock the local encrypted file system on the client device 110 so that information may be exchanged with server 140.

Several implementations have been described herein. However, it will be understood that various modifications may be made without departing from the spirit and scope of the invention.

Additionally, the communication flows in the schematics of the figures do not require the particular order shown or sequential order to achieve the specified results. Further, other steps may be provided or eliminated from the schematics and other components may be added to or removed from the described systems. These other implementations are within the scope of the claims.

The following represent exemplary embodiments of the present disclosure.

A1. A system, comprising:

an unattended first device comprising:

-   a first communication interface;
-   a first control system communicatively coupled to the first communication interface and comprising at least one first hardware processor and a first memory storing program codes operable to:
    -   send a request to the second device for access credentials;
    -   receive the access credentials;
    -   send the access credentials to the fourth device; and
    -   if the access credentials are validated, exchange information with the fourth device.

a second device comprising:

-   a second communication interface;
-   a second secured storage element;
-   a second control system communicatively coupled to the second communication interface and comprising at least one second hardware processor and a second memory storing program codes operable to:
    -   receive a request for the access credentials from the first device;
    -   send a request for the access credentials to the third device;
    -   exchange pairing credentials with the third device to authenticate with the third device;
    -   if authenticated with the third device, receive the access credentials; and
    -   send the access credentials to the first device;

a third device comprising:

-   a third communication interface;
-   a third control system communicatively coupled to the third communication interface and comprising at least one third hardware processor and a third memory storing program codes operable to:
    -   receive a request for the access credentials from the second device;
    -   exchange pairing credentials with the second device to authenticate with the second device;
    -   if authenticated with the second device, send the access credentials to the second device; and

a fourth device comprising:

-   a fourth communication interface;
-   a fourth control system communicatively coupled to the fourth communication interface and comprising at least one fourth hardware processor and a fourth memory storing program codes operable to:
    -   receive access credentials from the first device;
    -   validate the access credentials; and
    -   if validated, exchange information with the first device.

A2. The system of embodiment A1, wherein the second device is internal to the first device.

A3. The system of embodiment A1, further comprising the first device using the access credentials to decrypt an encrypted file system.

A4. The system of embodiment A1, wherein the information exchanged between the fourth device and the first device comprises one of the group consisting of: information to update software on the first device, information to update firmware on the first device, information to update applications on the first device, information to update program codes on the first device, information to make configuration setting changes on the first device, information to update the operating system on the first device, and information pertaining to customer data.

A5. The system of embodiment A1, wherein the pairing credentials stored in the second device are stored in a tamper resistant manner.

A6. The system of embodiment A5, wherein the tamper resistant manner comprises use of potted material which would destroy one or more components of the second device upon removal.

A7. The system of embodiment A1, wherein the pairing credentials stored in the second device are stored in a manner to provide for tamper detection.

A8. The system of embodiment A7, wherein the manner to provide for tamper detection comprises one of the group consisting of: detection of ultraviolet fluorescent chemicals, detection of varying temperature, detection of varying clocking information, detection of varying voltage, and detection of varying electrical signals.

A9. The system of embodiment A7, wherein the second device, upon tamper detection, is further operable to:

-   report the detected tampering; and
-   disable one or more components of the second device.

A10. The system of embodiment A1, wherein the pairing credentials are stored according to National Institute of Standards and Technology (NIST) standards.

A11. The system of embodiment A1, wherein the pairing credentials exchanged between the second and third device are exchanged by out-of-band means.

A12. The system of embodiment A11, wherein the out-of-band means comprises one of the group consisting of: direct user input at the second and third devices, use of a thumb drive at the second and third devices, use of a universal serial bus (USB) cable between the second and third device, or use of wired Ethernet cable between the second and third device.

A13. The system of embodiment A1, wherein the pairing credentials exchanged between the second and third device are exchanged by use of a wireless communication channel.

A14. The system of embodiment A13, wherein the wireless communication channel comprises one of the group consisting of: Bluetooth and a near field communication (NFC).

A15. The system of embodiment A14, wherein the wireless communication channel is secured with an encryption algorithm.

A16. The system of embodiment A1, wherein the second device is a dock for the first device with at least one mechanism for providing user level authentication, wherein the mechanism for providing user level authentication is selected from the group consisting of: a common access card (CAC) reader, a touchscreen, a keypad, and a display for password entry.

A17. The system of embodiment A1, wherein the access credentials comprise one of a group consisting of: a one-time password, a symmetric key, a public key along with its private key, and a public key cryptography standard (PKCS) certificate.

A18. The system of embodiment A1, wherein the second device is further operable to:

-   send a pairing request with initial credentials to the third device;
-   receive an acceptance of the pairing request from the third device; and
-   exchange pairing credentials with the third device.

A19. The system of embodiment A1, wherein the third device is further operable to:

-   receive a pairing request with initial credentials from the second device;
-   send an acceptance of the pairing request to the second device; and
-   exchange pairing credentials with the second device.

A20. The system of embodiment A1, wherein the second device is further operable to:

-   store the access credentials.

A21. The system of embodiment A20, wherein the access credentials are stored in a tamper resistant manner.

A22. The system of embodiment A21, wherein the tamper resistant manner comprises use of potted material which would destroy one or more components of the second device upon removal.

A23. The system of embodiment A20, wherein the access credentials are stored in a manner to provide for tamper detection.

A24. The system of embodiment A23, wherein the manner to provide for tamper detection comprises: detection of ultraviolet fluorescent chemicals, detection of varying temperature, detection of varying clocking information, detection of varying voltage, and detection of varying electrical signals.

A25. The system of embodiment A23, wherein the second device, upon tamper detection, is further operable to:

-   report the detected tampering; and
-   disable one or more components of the second device.

B26. A system, comprising:

an unattended first device comprising:

-   a first communication interface;
-   a first control system communicatively coupled to the first communication interface and comprising at least one first hardware processor and a first memory storing program codes operable to:
    -   send a request to the second device for access credentials;
    -   receive the access credentials;
    -   send the access credentials to the third device; and
    -   if the access credentials are validated, exchange information with the third device.

a second device comprising:

-   a second communication interface;
-   a second secured storage element;
-   a second control system communicatively coupled to the second communication interface and comprising at least one second hardware processor and a second memory storing program codes operable to:
    -   receive a request for the access credentials from the first device; and
    -   send the access credentials to the first device; and

a third device comprising:

-   a third communication interface;
-   a third control system communicatively coupled to the third communication interface and comprising at least one third hardware processor and a third memory storing program codes operable to:
    -   receive the access credentials from the first device;
    -   validate the access credentials; and
    -   if validated, exchange information with the first device.

B27. The system of embodiment B26, wherein the second device is internal to the first device.

B28. The system of embodiment B26, further comprising the first device using the access credentials to decrypt an encrypted file system.

B29. The system of embodiment B26, wherein the information exchanged between the third device and the first device comprises one of the group consisting of: information to update software on the first device, information to update firmware on the first device, information to update applications on the first device, information to update program codes on the first device, information to make configuration setting changes on the first device, information to update the operating system on the first device, and information pertaining to customer data.

B30. The system of embodiment B26, wherein the second device stores the access credentials in a tamper resistant manner.

B31. The system of embodiment B30, wherein the tamper resistant manner comprises use of potted material which would destroy one or more components of the second device upon removal.

B32. The system of embodiment B30, wherein the second device stores the access credentials in a manner to provide for tamper detection.

B33. The system of embodiment B32, wherein the manner to provide for tamper detection comprises: detection of ultraviolet fluorescent chemicals, detection of varying temperature, detection of varying clocking information, detection of varying voltage, and detection of varying electrical signals.

B34. The system of embodiment B32, wherein the second device, upon tamper detection, is further operable to:

-   report the detected tampering; and
-   disable one or more components of the second device.

B35. The system of embodiment B26, wherein the second device stores theaccess credentials according to NIST standards.

B36. The system of embodiment B26, wherein the access credentialscomprise one of a group consisting of: a one-time password, a symmetrickey, a public key along with its private key, and a PKCS certificateformat.

B37. The system of embodiment B26, wherein the second device isinitially provisioned with the access credentials.

B38. The system of embodiment B37, wherein the initial provisioning comprises the inclusion of the access credentials in the operating system image installed on the second device.

To supplement the present disclosure, this application incorporates entirely by reference the following commonly assigned patents, patent application publications, and patent applications:


In the specification and/or figures, typical embodiments of the invention have been disclosed. The present invention is not limited to such exemplary embodiments. The use of the term “and/or” includes any and all combinations of one or more of the associated listed items. The figures are schematic representations and so are not necessarily drawn to scale. Unless otherwise noted, specific terms have been used in a generic and descriptive sense and not for purposes of limitation.

1. A system, comprising:

an unattended first device comprising:

-   a first communication interface;
-   a first control system communicatively coupled to the first communication interface and comprising at least one first hardware processor and a first memory storing program codes operable to:
    -   send a request to the second device for access credentials;
    -   receive the access credentials;
    -   send the access credentials to the fourth device; and
    -   if the access credentials are validated, exchange information with the fourth device;

a second device comprising:

-   a second communication interface;
-   a second secured storage element;
-   a second control system communicatively coupled to the second communication interface and comprising at least one second hardware processor and a second memory storing program codes operable to:
    -   receive a request for the access credentials from the first device;
    -   send a request for the access credentials to the third device;
    -   exchange pairing credentials with the third device to authenticate with the third device;
    -   if authenticated with the third device, receive the access credentials; and
    -   send the access credentials to the first device;

a third device comprising:

-   a third communication interface;
-   a third control system communicatively coupled to the third communication interface and comprising at least one third hardware processor and a third memory storing program codes operable to:
    -   receive a request for the access credentials from the second device;
    -   exchange pairing credentials with the second device to authenticate with the second device;
    -   if authenticated with the second device, send the access credentials to the second device; and

a fourth device comprising:

-   a fourth communication interface;
-   a fourth control system communicatively coupled to the fourth communication interface and comprising at least one fourth hardware processor and a fourth memory storing program codes operable to:
    -   receive access credentials from the first device;
    -   validate the access credentials; and
    -   if validated, exchange information with the first device.

2. The system of claim 1, wherein the second device is internal to the first device.

3. The system of claim 1, further comprising the first device using the access credentials to decrypt an encrypted file system.

4. The system of claim 1, wherein the information exchanged between the fourth device and the first device comprises one of the group consisting of: information to update software on the first device, information to update firmware on the first device, information to update applications on the first device, information to update program codes on the first device, information to make configuration setting changes on the first device, information to update the operating system on the first device, and information pertaining to customer data.

5. The system of claim 1, wherein the pairing credentials stored in the second device are stored in a tamper resistant manner.

6. The system of claim 5, wherein the tamper resistant manner comprises use of potted material which would destroy one or more components of the second device upon removal.

7. The system of claim 1, wherein the pairing credentials stored in the second device are stored in a manner to provide for tamper detection.

8. The system of claim 7, wherein the manner to provide for tamper detection comprises one of the group consisting of: detection of ultraviolet fluorescent chemicals, detection of varying temperature, detection of varying clocking information, detection of varying voltage, and detection of varying electrical signals.

9. The system of claim 7, wherein the second device, upon tamper detection, is further operable to: report the detected tampering; and disable one or more components of the second device.

10. The system of claim 1, wherein the pairing credentials are stored according to National Institute of Standards and Technology (NIST) standards.

11. The system of claim 1, wherein the pairing credentials exchanged between the second and third device are exchanged by out-of-band means.

12. The system of claim 11, wherein the out-of-band means comprises one of the group consisting of: direct user input at the second and third devices, use of a thumb drive at the second and third devices, use of a universal serial bus (USB) cable between the second and third device, or use of wired Ethernet cable between the second and third device.

13. The system of claim 1, wherein the pairing credentials exchanged between the second and third device are exchanged by use of a wireless communication channel.

14. The system of claim 13, wherein the wireless communication channel comprises one of the group consisting of: Bluetooth and a near field communication (NFC).

15. The system of claim 14, wherein the wireless communication channel is secured with an encryption algorithm.

16. The system of claim 1, wherein the second device is a dock for the first device with at least one mechanism for providing user level authentication, wherein the mechanism for providing user level authentication is selected from the group consisting of: a common access card (CAC) reader, a touchscreen, a keypad, and a display for password entry.

17. The system of claim 1, wherein the access credentials comprise one of a group consisting of: a one-time password, a symmetric key, a public key along with its private key, and a public key cryptography standard (PKCS) certificate.

18. The system of claim 1, wherein the second device is further operable to: send a pairing request with initial credentials to the third device; receive an acceptance of the pairing request from the third device; and exchange pairing credentials with the third device.

19. The system of claim 1, wherein the third device is further operable to: receive a pairing request with initial credentials from the second device; send an acceptance of the pairing request to the second device; and exchange pairing credentials with the second device.

20. The system of claim 1, wherein the second device is further operable to: store the access credentials.
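
The four-party flow of claim 1, with the tamper response of claim 9 and a one-time password as the access credential (claim 17), sketched below as an added Python example; it is not code from the patent. The HMAC challenge-response used for pairing authentication, the class and method names, the sample payload, and the fourth device checking credentials against the third device's issued set are all assumptions, since the claims do not specify a mechanism.

```python
import hashlib
import hmac
import secrets

UPDATE_PAYLOAD = "constructed-firmware-update"  # constructed sample data


class CredentialServer:
    """Third device: authenticates the dock, then releases access credentials."""

    def __init__(self):
        self._pairing_keys = {}  # dock_id -> pairing credential
        self._pending = {}       # dock_id -> outstanding challenge nonce
        self.issued = set()      # one-time passwords not yet redeemed

    def pair(self, dock_id):
        # Stands in for the out-of-band pairing exchange (claims 11 and 12).
        key = secrets.token_bytes(32)
        self._pairing_keys[dock_id] = key
        return key

    def challenge(self, dock_id):
        if dock_id not in self._pairing_keys:
            raise PermissionError("unknown dock")
        nonce = secrets.token_bytes(16)
        self._pending[dock_id] = nonce
        return nonce

    def release(self, dock_id, response):
        # The nonce is popped so a captured response cannot be replayed.
        nonce = self._pending.pop(dock_id, None)
        if nonce is None:
            raise PermissionError("no challenge outstanding")
        expected = hmac.new(self._pairing_keys[dock_id], nonce,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            raise PermissionError("pairing authentication failed")
        otp = secrets.token_hex(16)
        self.issued.add(otp)
        return otp


class NetworkServer:
    """Fourth device: validates access credentials before exchanging data."""

    def __init__(self, issuer):
        self._issuer = issuer  # assumption: validation consults the issuer

    def exchange(self, credential):
        if credential not in self._issuer.issued:
            raise PermissionError("access credentials rejected")
        self._issuer.issued.discard(credential)  # one-time use
        return UPDATE_PAYLOAD


class Dock:
    """Second device: keeps the pairing credential in its secured storage."""

    def __init__(self, dock_id, pairing_key, credential_server):
        self.dock_id = dock_id
        self._key = pairing_key  # stands in for the secured storage element
        self._server = credential_server
        self.disabled = False
        self.tamper_reports = []

    def on_tamper(self, reason):
        # Claim 9: report the detected tampering and disable a component.
        # Dropping the key is this example's choice of what to disable.
        self.tamper_reports.append(reason)
        self._key = None
        self.disabled = True

    def get_access_credentials(self):
        if self.disabled:
            raise PermissionError("dock disabled after tamper event")
        nonce = self._server.challenge(self.dock_id)
        response = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return self._server.release(self.dock_id, response)


class UnattendedDevice:
    """First device: never stores credentials, asks the dock on each use."""

    def __init__(self, dock, network_server):
        self._dock = dock
        self._network = network_server

    def fetch_update(self):
        credential = self._dock.get_access_credentials()
        return self._network.exchange(credential)
```

The first device holds no long-lived secret: losing it exposes nothing, and a dock that reports tampering can no longer obtain credentials on its behalf.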